IPSEC Site-site VPN help, please

[jonm]

I'm trying to set up an IPSeC site to site VPN using the new 'connections' but I'm struggling.

It's probably simple but can someone please explain this part of the instructions?

Key pairs

Go to the VPN->IPsec->Key Pairs option in the menu and create a new key on both hosts, then copy the public part from Site A to Site B and vice versa. Keys may easily be generated with the gear button in the Key type field.

OK, so I have generated a new key on both hosts. But then where do I copy the public part to? From Site A to Site B - where does it go on site B?

Sorry if this is obvious but it's not at all clear to me.

Thanks :)

[viragomann]

This is used for public key authentication.

Most of us still use pre-shared keys to authenticate the remote site. But public key might be more secure, so the docs recommend to use it.

If you want to do it with public keys, take the public key from A and add it to B.
You can do this also in VPN: IPsec: Key Pairs, but instead of generating one, just insert the public key into the respective field and state a name.

Also install the public key from B on A in the same manner.

In the authentication settings you have to select "public key" for the method and the proper public keys then. On A the A key for local auth and the B key for remote auth. Do it vice versa at B.